From 75c8584997e7e09a20c7ebba1802461362b67a7b Mon Sep 17 00:00:00 2001
From: Alon Zakai
Date: Fri, 7 May 2021 20:59:30 -0700
Subject: [Wasm GC] Fix Array initialization of a packed value (#3868)

We truncated and extended packed values in get and set, but not during initialization. Found by the fuzzer.
---
 src/wasm-interpreter.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
index 42bcbaebc..008825632 100644
--- a/src/wasm-interpreter.h
+++ b/src/wasm-interpreter.h
@@ -1643,7 +1643,8 @@ public:
 if (init.breaking()) {
 return init;
 }
- auto value = init.getSingleValue();
+ auto field = curr->type.getHeapType().getArray().element;
+ auto value = truncateForPacking(init.getSingleValue(), field);
 for (Index i = 0; i < num; i++) {
 data[i] = value;
 }
-- 
cgit v1.2.3
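Review bot: The added `truncateForPacking` call has no comment saying why an initializer must be narrowed, and the two new lines do not make the reason obvious on their own. Above `auto field = ...` I would add something like `// Packed (i8/i16) elements keep only their low bits; truncate the initializer once so reads see what a set would have stored.` The fix covers only this array-initialization branch. If other construction paths in this file (struct creation, for instance) store operand values directly, they would presumably need the same narrowing, which cannot be confirmed from this hunk. The enclosing function starts and ends outside the hunk.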